Camera ID is Samsara’s only feature that leverages face recognition technology and is used to facilitate driver assignment, enabling accuracy and efficiency in route assignment and organization, as well as driver coaching.
Because the scope of what constitutes biometric data under various jurisdictions’ laws has not yet been resolved, it is possible that individuals may assert that Camera ID collects, uses, and stores information that qualifies as biometric data under a particular jurisdiction’s laws. Samsara’s customers are responsible for compliance with applicable law governing any collection, storage, use, and/or transmission of information through their use of Camera ID, including but not limited to, obtaining any required consents from drivers. Samsara views such measures as the responsibility of its customers, not Samsara.
Samsara includes the term “biometric data” throughout its resources in an abundance of caution given the unsettled and evolving legal requirements. Samsara’s use of the term “biometric data” does not reference any particular legal definition of that term.
The information provided below is not intended to be legal advice or a substitute for legal advice, and does not nullify or modify our customers’ legal or contractual obligations. It is the sole responsibility of Samsara’s customers to determine if applicable data protection and biometric privacy laws apply to the customer’s use of Samsara’s products and services and to take any necessary steps to comply with such laws.
Last updated: December 2025
In the United States, certain states and cities, including but not limited to California, Colorado, Illinois, Texas, and the City of Portland, Oregon have passed laws that have notice and consent and other requirements for how companies collect, use, share, and store biometric data. If you have drivers who reside or operate vehicles in these jurisdictions, these laws may apply to your use of Camera ID. For more information about Camera ID, see Samsara's Biometric Data Retention and Destruction Policy. For more information about Samsara’s approach to face recognition and biometric data, see Samsara’s Face Recognition and Biometric Data Commitment.
Summary of Key Requirements
The following list summarizes certain key requirements in the U.S. cities and states noted above, and is not intended to be exhaustive:
-
California: The California law (here) requires companies to inform individuals, at or before the point of collection, that their biometric data is being collected, the specific purpose for which the biometric data is being collected, and how long the biometric data will be retained.
-
Colorado: The Colorado law (relevant amendment to Colorado’s Privacy Act here) requires companies to obtain consent from individuals and inform individuals, before any biometric data is collected, that their biometric data is being collected, the specific purpose for which the biometric data is being collected, and how long the biometric data will be retained. The law also requires companies to obtain consent from individuals before any biometric data is collected, sets specific deletion timelines, and requires companies to have a written policy regarding the collection and use of biometric information.
-
Illinois: The Illinois law (here) requires companies to inform individuals in writing, before any biometric data is collected or captured, that their biometric data is being collected, stored, used, or disclosed; inform them of the specific purpose and length of term for which the biometric data is being collected, stored, and used; and also to obtain consent from them or their legally authorized representative in a written release. In addition, companies have to make a written policy available to the public about how they retain and destroy biometric data.
-
Texas: The Texas law (here) requires companies to inform individuals that their biometric data will be captured for a commercial purpose and obtain their consent for such capture, before any biometric data is captured. It also sets deletion timelines for biometric data.
-
City of Portland: Chapter 34.10 of the city code prohibits the use of face recognition technologies by private entities in places of public accommodation within Portland city limits.
Because there are biometric privacy statutes (as noted above), that require notice and consent before collecting or capturing biometric data, we strongly encourage you to incorporate a notice and consent process into your driver onboarding. For your convenience, we've included the following consent form and policy examples. Before using these examples, you should make sure they work for your intended use of Camera ID.
|
Consent to Collection of Biometric Data We use Samsara’s hardware and software technology to manage our fleet and improve driver safety. The Camera ID feature will collect, store, and process information about your face for purposes of assigning drivers to vehicles, trips, and safety events in the Samsara dashboard. The face recognition information used by Camera ID may include biometric data regulated under applicable law. The face recognition information used by Camera ID is processed using Amazon Web Services (AWS) cloud-based software. Information used by Camera ID is retained until 90 days after [insert company name] either deactivates you from its Samsara account or disables Camera ID, at which point the information used by Camera ID, including any information that may constitute biometric data under applicable law, will be permanently deleted. More information about Camera ID may be found at Samsara’s website: https://www.samsara.com/support/biometric-data-retention-and-destruction-policy. A copy of our Biometric Data Policy is available on request. By signing below, you consent to Samsara's and [insert company name]’s collection, use, disclosure, and storage of your biometric data as described above. Signature: __________________________________________________ Name: ______________________________________________________ Date: ________________________ |
|
[Insert company name] Biometric Data Retention and Deletion Policy Purpose We use Samsara’s hardware and software technology to manage our fleet and improve driver safety. Samsara’s Camera ID feature uses face recognition information to enable us to assign drivers to vehicles, trips, and safety events in the Samsara dashboard. This enhances safety by increasing the efficacy of Samsara’s driver-based insights and also helps us maintain accurate logs of our operations. Policy Our policy is to protect, store, and delete any biometric data in accordance with applicable laws and regulations, including, but not limited to, the [insert applicable law, e.g., the Illinois Biometric Information Privacy Act]. Retention and Destruction of Biometric Data Information used by Camera ID will be retained until 90 days after [insert company name] either deactivates you from its Samsara account or disables Camera ID, at which point such information, including any information that may constitute biometric data under applicable law, will be permanently deleted. |
Last updated: December 2025
Samsara recommends always receiving consent before collecting sensitive personal information from individuals. In the European Union and the United Kingdom, the UK/EU General Data Protection Regulation (“GDPR”) and the laws of EU Member States contain requirements for how companies can use, share, store, or otherwise process “biometric” data that can be used to identify individuals, which may include information used by Camera ID. For more information about Camera ID, including our retention of biometric data, see Samsara's Biometric Data Retention and Destruction Policy.
The following list is a summary of key UK/EU GDPR requirements and is not intended to be an exhaustive list:
-
The UK/EU GDPR treats “biometric data for the purpose of uniquely identifying a natural person” as a special category of personal data. Thus, entities wishing to process such data must ensure they have an appropriate legal basis to do so. Consent may constitute a legal basis. However, in an employment context, consent as a legal basis can be more complicated. It is important that consent is specific, informed, and freely given.
-
As for other features like audio recording and collection of location data, it is important to weigh the privacy impact of those features against your intended use.
Last updated: December 2025
Samsara recommends always receiving consent before collecting sensitive personal information from individuals. In Canada, Canadian privacy laws contain requirements for how companies can collect, use, share, store, or otherwise process personal information. Biometric data, which may include information leveraged by Camera ID, is considered personal information under Canadian privacy laws, and is considered sensitive. As such, notice and, in some circumstances explicit and informed consent, is generally required for its collection and use.
In the Canadian province of Quebec, the Commission d’accès à l’information (CAI) has emphasized that biometric data is “particularly sensitive” and there are additional conditions and restrictions for the collection and use of biometric data under Quebec’s Law 25 and Quebec’s Act to establish a legal framework for information technology that include (but are not limited to):
-
A requirement that a person’s identity not be verified or confirmed by means of a process that allows biometric characteristics or measurements to be recorded, except with the express consent of the person concerned. An express consent must be voluntary, which means that the individual must be provided with an alternative if they do not consent.
-
A requirement that, even with consent, the collection of biometric data must be for a serious and legitimate reason, and be limited to only the information necessary for such purpose.
-
A requirement that the CAI be notified of (1) the use of a biometric system for identification purposes; and (2) the creation of a database of biometric characteristics and measurements.
Additionally, in Quebec, organizations must ensure that their collection and use of biometric data complies with the Quebec Charter of Human Rights and Freedoms.
Comments
0 comments
Please sign in to leave a comment.